This vulnerability allows local attackers to escalate privileges on vulnerable installations of Jungo WinDriver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of a crafted IOCTL by the windrvr12xx kernel driver. The issue lies in the failure to properly validate user-supplied data, which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel. This module will elevate the privileges of the current agent instead of installing a new one.
A stack-based buffer overflow in WECON LeviStudio HMI Editor allows an attacker to execute arbitrary code via a crafted .UMP file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The page served when the link is clicked will attempt to gather information about the browser version, operating system and browser plugins. Additionally, an NTLM handshake will be attempted if the parameter Request NTLM auth is set to yes. Finally, the victim will be redirected to the URL specified by the Redirect to URL parameter.
The page served impersonates the web page at the given URL and its web forms. It will retrieve the information entered by the user in the web forms when they are submitted and redirect the user to the original web page. This information will be stored in the target's email entity. It also attempts to gather information about the browser version, operating system and browser plugins.
VX Search Enterprise is prone to a buffer-overflow vulnerability when handling a crafted packet. This can trigger an overflow in a finite-sized internal memory buffer and install an agent with SYSTEM privileges.
Adobe ColdFusion is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine.
The application allows an attacker to specify the server used to perform authentication. That server also allows controlled SQL to be executed directly against the database. This module abuses these vulnerabilities in order to execute an agent as SYSTEM.
This module exploits a memory corruption vulnerability in the Linux kernel. When building a UFO packet with MSG_MORE, __ip_append_data() calls ip_ufo_append_data() to append. However, between two send() calls, the append path can be switched from the UFO path to the non-UFO one, which leads to a memory corruption that can be used by an attacker to escalate privileges.
Apache Tomcat allows unauthenticated users to upload JSP files via a specially crafted request when the readonly initialization parameter of the Default servlet is set to false.
This module exploits a zip file upload directory traversal in ATutor AContent to install an agent.